FAUCET (https://github.com/faucetsdn/faucet), originally by REANNZ, is an open source SDN/OpenFlow controller for experimental and enterprise networks. FAUCET runs in production at multiple sites and supports multiple hardware vendors. This blog describes FAUCET itself and FAUCET use cases. The blog author works at Google and has contributed to FAUCET. Any opinions stated here are my own, not those of Google.

Monday, May 30, 2016

FAUCET quickstart

FAUCET, developed originally by REANNZ (and supported by the Open Networking Foundation, among others), is an open source SDN controller that implements a familiar learning switch with VLAN and NFV offload support (NMS, NFV, IP routing, ACLs, mirroring, and other features will be described in future posts), and has unit tests. FAUCET is compatible with OpenFlow switches that support OpenFlow 1.3 and multiple tables, and implements all functionality using OpenFlow exclusively (i.e. non-"hybrid" mode). The switch does all the forwarding based on the flows the controller decides, which means new network functionality (for example, network security features) can be introduced by changing the controller, not the switch. The controller does no forwarding itself, and so can be upgraded or restarted with potentially no impact on forwarding. While FAUCET is in regular office use at several organizations around the world (including REANNZ and the Open Networking Foundation), it is also suitable for lab experimentation and teaching.

In this post, we will set up FAUCET to provide switching for an untagged VLAN with two hosts, the simplest possible configuration. You will need two hosts, a third host to run the FAUCET controller on, and a supported switch. Included here is configuration for an Allied Telesis switch. Search for SUPPORTED_HARDWARE in the FAUCET code for a list of switches and vendors known by the community to work. An OpenFlow 1.0 switch, or a switch that does not support multiple tables, will absolutely not work; any standards-based OpenFlow 1.3 switch with multitable support should work.

Configuring the OpenFlow switch

You will first need to physically install and configure your OpenFlow switch, the test hosts (switch ports 1 and 2) and the controller host (switch port 24). You will (of course) need to adjust the configuration depending on your switch/vendor.

    !
    ! 10.0.0.1 is the IP address assigned to the controller machine
    openflow controller tcp 10.0.0.1 6633
    ! This switch reserves for implementation reasons a VLAN for
    ! OpenFlow control
    openflow native vlan 4090
    !
    ! This switch requires VLAN tags to be reserved in advance.
    ! We reserve 2001-2999.
    vlan database
     vlan 1234,2001-2999,4090 state enable
    !
    interface port1.0.1-1.0.2
     openflow
     switchport
     switchport mode access
    !
    ! port 24 used for CPN
    interface port1.0.24
     switchport
     switchport mode access
     switchport access vlan 1234
    !
    interface vlan1234
     ip address 10.0.0.2/24
    !

Writing a configuration file

FAUCET reads a YAML configuration file. This file (typically faucet.yaml) describes the network, and should contain the following:

Note in particular dp_id (DataPath ID). This must be configured to match your switch. Some switches allow you to configure the DPID on the switch; on others it is hard coded (on the Allied Telesis switch, you can get the DPID from show openflow status).

Note also that YAML is very sensitive about whitespace (and tabs in particular). Be sure to use spaces and matching indentation.

Installing the controller

FAUCET is based on the Python Ryu SDN framework. This means that the FAUCET controller is just a Python process that reads a configuration file (described above), listens for an OpenFlow connection initiated by the switch, and installs flows as required. Install and run docker using the instructions provided. At the time of writing Ubuntu 14.0.4 LTS server is known to work well.

Testing and troubleshooting

You now have a switch! Test host 1 should now be able to ping test host 2 (provided you configured them with IP addresses, of course). You will be able to see flows installed in the switch as FAUCET learns the MAC address of each host. For example, on an Allied Telesis switch, shows that a host has been learned on port 1:

If your test hosts can't reach each other, check that the switch and FAUCET controller can reach each other (i.e. that the switch can make a successful OpenFlow connection via TCP to the controller). Check that your YAML file has correct indentation and that your DPID matches.
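The configuration checks named in "Writing a configuration file" and in the troubleshooting paragraph above (no tabs, matching indentation, matching DPID) can be scripted. This is an added example, not part of the original post or the FAUCET code base; it uses only the Python standard library, and the sample config, its keys other than dp_id, and the colon-separated form of the switch DPID are assumptions.

```python
import re

# Constructed sample, not the post's faucet.yaml: only dp_id comes from the
# post; the other keys and all values are assumed. Line 5 starts with a tab.
SAMPLE_CONFIG = (
    "dp_id: 0x00000000000000ab\n"
    "interfaces:\n"
    "    1:\n"
    "        native_vlan: 2001\n"
    "\t2:\n"
    "        native_vlan: 2001\n"
)

def normalise_dpid(value):
    """Parse a DPID given as 0x-hex, decimal, or colon/dash-separated hex bytes."""
    text = str(value).strip().strip("'\"").lower()
    if re.fullmatch(r"0x[0-9a-f]{1,16}", text):
        return int(text, 16)
    if re.fullmatch(r"[0-9]+", text):
        return int(text)
    if re.fullmatch(r"[0-9a-f]{2}([:-][0-9a-f]{2}){5,7}", text):
        return int(re.sub(r"[:-]", "", text), 16)
    raise ValueError("unrecognised DPID format: %r" % (value,))

def check_config(config_text, switch_dpid):
    """Return a list of problems: tabs, uneven indentation, DPID mismatch."""
    problems, indents, config_dpid = [], [], None
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank lines and comments carry no structure
        lead = line[: len(line) - len(line.lstrip())]
        if "\t" in lead:
            problems.append("line %d: tab in indentation" % lineno)
        elif lead:
            indents.append((lineno, len(lead)))
        match = re.match(r"\s*dp_id:\s*([^#\s]+)", line)
        if match:
            config_dpid = match.group(1)
    # Heuristic: every indent should be a multiple of the smallest one used.
    unit = min((width for _, width in indents), default=0)
    for lineno, width in indents:
        if unit and width % unit:
            problems.append("line %d: indent %d not a multiple of %d" % (lineno, width, unit))
    if config_dpid is None:
        problems.append("no dp_id found")
    elif normalise_dpid(config_dpid) != normalise_dpid(switch_dpid):
        problems.append("dp_id %s does not match switch DPID %s" % (config_dpid, switch_dpid))
    return problems
```

Call check_config() with the text of your faucet.yaml and the DPID reported by the switch; an empty list means none of the three problems was found.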

Where next?

Take a look at FAUCET's unit tests to see what features have been implemented and how they are configured. We'll go into detail in future posts.